Dropbox was not hacked. At least, that is according to them. And in truth it wasn’t… at least, not in the strict definition of the word hacked. With that being said, it was compromised. It could in fact be that another service was hacked, but the hackers then cross-referenced those passwords to Dropbox and found hundreds (if not thousands) of them worked.
The bottom line is you have to change your passwords – all of them – often. I don’t have a recommendation of how often, but more often than twice a year for sure. Also here’s a good rule: if you join a site and they e-mail your password to you, assume that the password you used is not secure. If you enter a password on a site they should be able to send you a link to reset it, but they should not actually know what it is.
For more information, see the following article from my archives: https://garvis.ca/2012/11/21/pass-the-word/